package com.zxy.furns.filter;

import com.google.gson.Gson;
import com.zxy.furns.entity.Member;
import com.zxy.furns.utils.WebUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * ClassName: AuthFilter
 * Package: com.zxy.furns.filter
 *
 * @Author zxy
 * @Create 2025/3/27 20:18
 * @Version 1.0
 * title:
 * Description:
 */
public class AuthFilter implements Filter {
    private List<String> excludedUrls;


    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String strExcludedUrl = filterConfig.getInitParameter("excludedUrls");
        String[] split = strExcludedUrl.split(",");
        excludedUrls = Arrays.asList(split);
        System.out.println("excludedUrls = " + excludedUrls);
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String url = request.getServletPath();
        if (!excludedUrls.contains(url)) {
            Member member = (Member) request.getSession().getAttribute("member");

            if (member == null) {
                if (!WebUtils.isAjaxRequest(request)) { //不是ajax请求
                    request.getRequestDispatcher("/views/member/login.jsp").forward(servletRequest, servletResponse);
                } else {
                    //如果是ajax请求
                    //需要返回一个url=>按照json格式
                    HashMap<String, Object> resultMap = new HashMap<>();
                    resultMap.put("url", "views/member/login.jsp");
                    Gson gson = new Gson();
                    String resultJson = gson.toJson(resultMap);
                    servletResponse.getWriter().write(resultJson);
                }

                return;
            }else {
                if ("/manage/furnServlet".equals(url) && "page".equals(request.getParameter("action"))) {
                    if (!"admin".equals(member.getUsername())) {
                        // 不是 admin 用户，进行相应处理
                        if (!WebUtils.isAjaxRequest(request)) {
                            // 非 AJAX 请求，转发到无权限页面
                            request.getRequestDispatcher("/views/error/404.jsp").forward(servletRequest, servletResponse);
                        } else {
                            // AJAX 请求，返回无权限信息
                            Map<String, Object> resultMap = new HashMap<>();
                            resultMap.put("message", "你没有权限访问该页面");
                            Gson gson = new Gson();
                            String resultJson = gson.toJson(resultMap);
                            servletResponse.getWriter().write(resultJson);
                        }
                        return;
                    }
                }

            }

        }
        filterChain.doFilter(servletRequest, servletResponse);
        System.out.println("继续~");


    }

    @Override
    public void destroy() {

    }
}
